In our previous post we highlighted a number of high-profile breaches that made the headlines in 2015. From the recent VTech Learning Lodge hack, which affected about 5 million adults and 200,000 children, to the breach at the U.S. government’s Office of Personnel Management, which resulted in the theft of data on 22 million current and former federal employees, including the fingerprints of about 5 million, 2015 saw an escalation in cyber attacks across various domains. So we thought we would highlight a few of the cyber security predictions for 2016.
Speaking of cyber security predictions, healthcare has become a sweet target for hackers. The hacks on two major health insurers, Anthem and Premera, resulted in the largest theft of medical records to date. According to IBM X-Force Interactive Security Incidents data from Jan. 1, 2015 to Oct. 31, 2015, almost 100,000,000 health care records were compromised in healthcare breaches, making 2015 the year of the healthcare industry security breach.
Then there was the Ashley Madison breach, which resulted in its customer records being posted publicly, leading to much embarrassment, heartache and perhaps two suicides. It also represented a treasure trove of potential spear-phishing victims.
With the immense loss of data and cyber breaches on the rise, 2015 was a tough year for companies and security professionals. In the wake of rising cyber crime and malware, let’s look at the cyber security predictions for 2016 and what industry experts expect for the coming year.
1. The need for improved security on IoT devices will become more pressing – Symantec
As consumers buy more smartwatches, activity trackers, holographic headsets, and other Internet of Things (IoT) devices, the need for improved security on these devices will become more pressing. According to a Gartner report titled Agenda Overview for the Internet of Things, by 2020 close to 30 billion connected things will be in use across a wide range of industries and the IoT will touch every role across the enterprise. There’s no doubt the market for Internet of Things–ready devices is growing but it is still very fragmented, with a rich diversity in low-cost hardware platforms and operating systems. As market leaders emerge and certain ecosystems grow, the attacks against these devices will undoubtedly escalate, as we’ve already seen happen with the attacks on the Android platform. We think that this might be one of the biggest cyber security predictions of 2016.
2. Ransomware will remain a major and rapidly growing threat in 2016 – McAfee Labs
That ransomware will remain a major and rapidly growing threat is one of the many cyber security predictions for 2016. With new variants on the way and the success of the “ransomware-as-a-service” business model, we predict that the rise of ransomware that started in the third quarter of 2014 will continue in 2016.
In 2015 we saw ransomware-as-a-service hosted on the Tor network and using virtual currencies for payments. We expect to see more of this in 2016, as inexperienced cyber criminals will gain access to this service while staying relatively anonymous.
Although a few families—including CryptoWall 3, CTB-Locker, and CryptoLocker—dominate the current ransomware landscape, we predict that new variants of these families and new families will surface with new stealth functionalities.
3. Mobile wallets and new payment technologies will introduce additional opportunities for credit card theft and fraud – RAYTHEON|WEBSENSE
The payments and payment security landscapes are set for some tumultuous shifts in 2016. These seismic shifts are exactly the types of situations of which savvy cyber criminals usually seek to take advantage.
As adoption and the types of transactions possible on mobile phones increase, malware authors will also increase their efforts to steal from digital wallets. Mobile malware will evolve to use these payment methods to commit fraud. As the cell phone continues to become the preferred two-factor source of authentication for many financial transactions, the value of exploiting the mobile device or its applications has also increased, empowering much more theft than currently seen. Ransomware on mobile may also come as a result of the increased significance of the mobile device in commerce.
4. The US Government will experience another significant breach – Forrester
Forrester might have made one of the biggest cyber security predictions here. The arm-waving around the cyber security sprint following the US Office of Personnel Management (OPM) breach won’t bring about better security. It will be cyber security as usual for the US government, with lower morale as federal employees question the government’s ability to protect sensitive data and hire qualified cyber security experts. Short-staffed, under-budgeted, and lacking the internal discipline to address risks related to toxic data, the US Federal government will continue to suffer breaches. Newer, more restrictive cyber security legislation will pass as a result, leading to more vigorous auditing and a focus on regulatory compliance rather than a risk-based approach to security and processes.
5. Enterprise-targeted iOS attacks will emerge – Lookout
It’s fair to say that attackers are increasing their investment in iOS. If you view attackers as rational economic actors, investment in targeting iOS is logical, given Apple’s growing smartphone market share, currently around 14 percent globally as of Q2 2015 according to IDC. This year, for example, the XcodeGhost attack used trojanized versions of Xcode, Apple’s development environment, to inject malware into legitimate iOS apps when developers compiled them. Many of these infected apps subsequently made it onto the App Store.
We don’t believe that mainstream attacks from the App Store will become the norm. We do, however, foresee growth in enterprise-targeted iOS attacks, given the large amount of data stored on and accessible to enterprise mobile devices and the high prevalence of iOS devices in enterprise environments. It’s highly likely that enterprise-targeted attacks on iOS will be conducted via a combination of malicious apps, exploitation of vulnerabilities in legitimate apps, operating system exploitation, and end-user social engineering.
6. Healthcare technology advances will open up new attack vectors – Palo Alto Networks
2015 was a rough year for the healthcare industry. In addition to the fact that there were nine times (9x) more breached healthcare records in 2015 compared to 2014, the top six healthcare breaches in 2015 account for over 98 percent of the 112 million total breached records for the year. Each of the top six was caused by an advanced cyber attack. All signs indicate that sophisticated and targeted cyber attacks in the healthcare industry are increasing with a few of the largest breaches linked to China-sponsored attackers.
In 2016, we will continue to see an increased number of targeted cyber attacks, resulting in major breaches in the healthcare industry.
7. Cyber crime legislation will take a significant step towards becoming a truly global movement – Trend Micro
The next 12 months will see more concrete changes as a result of efforts to fight cyber crime. The good guys will see more indicators of success, be it in faster legislation, successful takedowns, more cyber criminal arrests, and convictions. Governments and authorities will act faster and will give more rapid response to cyber offenses.
The Internet has operated with very lax regulations for years. 2016 will see a significant shift in the mindset of governments and regulators to take on an even more active role in protecting the Internet and safeguarding its users. Cyber crime laws will be in discussion, and changes to outdated cyber security standards will be mandated to bolster an improved stance on security.
With the advent of technology and more connected devices, a common prediction is that cyber threats are bound to rise. It’s important that companies become proactive about the security of their products and apps before they get attacked. To fight these crimes, building a security team is definitely a solution, but given the costs involved it may not be feasible for most organizations. An alternative is third-party security tools like Appknox, available in the market, that help you detect loopholes in your apps and systems.
As an end note to all these cyber security predictions from the experts, I’d like to quote Michael Dell here: “Security is something we need to take care of every single day.” As we step into a new year, let’s hope for the best and plan for the worst.